Privacy concerns in Government’s proposal for a National Electronic Health Record (NEHR) system

MARUAH participated in the public consultation sessions on the draft Healthcare Services Act (HCSA) and submitted its feedback to the Ministry of Health (MOH). Among the provisions of the HCSA is a requirement that all medical service providers upload data on their patients into a national medical database without giving individuals the right to opt-out. Conversely, the draft bill does not give individuals the right to access all of the data being held on them in the National Electronic Health Records (NEHR) database. MOH has softened its stance on allowing individuals to opt-out and has indicated that it would voluntarily allow individuals to access some of their own data but there are still obvious privacy concerns in the NEHR.
While we are broadly supportive of the aims of the HCSA and the NEHR, the privacy protections and rights of access for patients in the draft Bill are inadequate and should be strengthened.

MARUAH’s feedback on the HCSA and NEHR is appended below. For more information on the HCSA, see MOH’s website at http://www.hcsa.sg

MARUAH Feedback on Draft Healthcare Services Bill and National Electronic Health Record

We would like to thank MOH for the opportunity to provide feedback on the draft Healthcare Services Bill. We commend MOH on its efforts to consult all stakeholders including individuals, medical providers and healthcare institutions in formulating the HCS Bill and hope that all Government Ministries would take a similar approach in consulting the public as an integral part of policy formulation before rather than after policy has been decided.

The focus of our comments will be on the National Electronic Health Record (NEHR) as that has the greatest impact on individuals’ right to privacy. We are pleased that MOH has taken public feedback into account and will strengthen privacy protections on the NEHR by

Specifically prohibiting the use of NEHR information for employment or insurance checks, even with the data subject’s consent.

Introducing an opt-out option under which patient records will not be stored in NEHR at all.

MOH staff at the public consultation session on 10 Feb 2018 also mentioned a variation of Option A under which NEHR records could be blocked from view by default but patients could specifically authorise access when they visit a healthcare facility by logging in to HealthHub. However, this solution may not be useful if patients are only allowed to view a subset of their own data in NEHR.

Data Protection Principles

Section 60 of the draft HCSA specifically disapplies the Personal Data Protection Act (PDPA) from the NEHR. This is in addition to the general exemption of public agencies from the PDPA. Nonetheless, as the government consistently claims that its accords similar levels of protection for personal data as the PDPA, it remains useful to analyze the NEHR in terms of generally accepted Data Protection principles.

Consent

The original NEHR proposal was in violation of the Consent principle in that it did not give patients the right to fully opt-out of the NEHR. We are pleased that MOH has decided to introduce an Option B. However, the opt-out process has to be accessible and efficient otherwise patients cannot be considered to have given their consent to being included in the NEHR. We note that according to MOH staff comments at the 10 Feb feedback session, only about 200 patients have opted out of the existing NEHR. Even after the NEHR is extended to private healthcare providers, the number of patients opting out will likely remain insignificant. The public policy objectives of the NEHR will still be 99.999% met even if patients are given the right to fully opt-out. While some healthcare providers may try to encourage their patients to opt out so as to reduce their administrative burden, it behoves MOH to address the healthcare providers directly rather than to deny patients’ rights as a means of forcing compliance on the healthcare providers. As a matter of principle, individuals must always retain the right to refuse to consent to have their data included in the NEHR.

Purpose Limitation & Notification

The NEHR is being promoted as a means of providing a holistic healthcare history so that people can receive safer, better and more professional care. However, we note that section 48 of the draft bill allows the Minister or Director Medical Services (DMS) to grant access to individually-identifiable health information “in the public interest” or for any “prescribed purpose”. This again raises questions of consent because whatever new purposes the Minister approves may be beyond the scope of what the patient consented to or believed she consented to at the time that her data was entered into the NEHR.

Even if we accept that there may be circumstances in which it is in the public interest to allow broader access to a patient’s data than she originally consented to, will the patient be notified that the Minister has ordered release of her health information ? According to the MOH presentation at the public consultation sessions, access logs will be exposed to patients via HealthHub. Will accesses made under Section 48 be recorded in the access logs and revealed to the individual ? If an individual opts out under option A or B, would a Ministerial order under Section 48 over-ride the opt-out ?

It is unfortunate that these powers of the Minister and DMS were not mentioned in the public consultation paper or in the feedback sessions. MOH needs to fully explain the rationale for these powers, the limits if any on the access that can be granted by the Minister, and provide examples of situations in which the Minister may decide to exercise these powers.

Access and Correction

MOH has indicated its intention to allow individuals to access their own NEHR data via HealthHub, however the draft HCSA does not contain any provisions guaranteeing an individual access to his own records. Based on MOH staff comments at the public consultation, individuals may only be given access to a subset of their own NEHR records, and this access may be more limited than that granted to healthcare providers. This is unsatisfactory because a healthcare provider would have greater rights of access to a person’s data than the person himself. If a doctor, for example, were to lookup her own records in NEHR, would her access level be that of an ordinary patient or would it be the higher level accorded to healthcare providers ? If MOH eventually decides not to give individuals the right to full access to their own records, similar restrictions should be imposed on healthcare providers such that they are also limited to the same access rights to their own data as ordinary citizens.

The failure to provide individuals full access to their own NEHR records violates the data protection principle of Access and Correction and should be rectified by specifically giving individuals the right to access their own NEHR records, and this access should be at least as broad as that given to healthcare providers. From the viewpoint of providing holistic care to a patient, the patient himself plays a critical role and is the biggest stakeholder so it is hard to justify giving the patient less access than healthcare providers to his own data.

Consultation Process

The proposed HCSA is wide-ranging and intended to strengthen governance of healthcare providers to ensure a high level of care for patients. MOH is to be commended for undertaking this review and engaging in consultations with stakeholders including the public. We trust that MOH will take the feedback into account and propose revisions to the proposed HCSA. While we recognize the need for speed in implementation, it is imperative that the revisions be published and that stakeholders be given adequate opportunity to study the revisions and suggest further changes before the Bill is sent to Parliament for the First Reading. MOH also needs to fully explain the rationale for the powers given to the Minister in section 48 and the situations in which the Minister may exercise those powers. We do not wish to see a repeat of the fiasco related to the implementation of the Do Not Call (DNC) registry in which despite multiple rounds of public consultations the Minister still issued an exemption order substantially weakening DNC protections just one week before the DNC Regulations were due to take effect.

Conclusion

We are broadly supportive of the aims of the HCSA and the NEHR. However, privacy protections and rights of access for patients in the draft Bill are inadequate and should be strengthened.

Individuals must be given the option not to have their data uploaded to NEHR at all. The process for opting out should be made efficient and accessible.

Individuals should have the right to access all their data in the NEHR and not just a subset of it. The HCSA should contain specific language guaranteeing individuals’ right of access to their own data.

There should be greater clarity on the powers of the Minister to grant access to individually-identifiable information under Section 48. Individuals should be explicitly informed when the Minister or DMS grant access under this Section and individuals should have the right to withdraw consent to such access.

Like this:

LikeLoading...

Related

This entry was posted on Tuesday, February 27th, 2018 at 9:49 pm and is filed under Privacy. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.